1047 matches found

RedHat Linux
added 2022/11/08 9:34 a.m. · 4 views

grafana: XSS vulnerability in data source handling

A cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a cross-site scripting...

CVSS 6.5 · AI score 7.3 · EPSS 0.02359
Exploits 1 · References 6
Veracode
added 2022/11/08 4:55 a.m. · 11 views

Arbitrary Code Execution

github.com/pingcap/tidb is vulnerable to arbitrary code execution. The vulnerability exists because the data source name string in the database connection is not properly neutralized which allows an attacker to inject malicious code and get read access to files in the system...

CVSS 9.8 · AI score 9.1 · EPSS 0.00562
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/11/04 7:01 p.m. · 20 views

GHSA-7FXJ-FR3V-R9GJ TiDB vulnerable to Use of Externally-Controlled Format String

TiDB server importer CLI tool prior to version 6.4.0 & 6.1.3 is vulnerable to data source name injection. The database name for generating and inserting data into a database does not properly sanitize user input which can lead to arbitrary file reads...

CVSS 9.8 · AI score 9.6 · EPSS 0.00562
Exploits 0 · References 5
Github Security Blog
added 2022/11/04 7:01 p.m. · 22 views

TiDB vulnerable to Use of Externally-Controlled Format String

TiDB server importer CLI tool prior to version 6.4.0 & 6.1.3 is vulnerable to data source name injection. The database name for generating and inserting data into a database does not properly sanitize user input which can lead to arbitrary file reads...

CVSS 9.8 · AI score 9.3 · EPSS 0.00562
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2022/11/04 12:00 a.m. · 3 views

PT-2022-20025 · Tidb · Tidb

Name of the Vulnerable Software and Affected Versions: TiDB versions prior to 6.4.0, TiDB versions prior to 6.1.3. Description: The issue concerns the use of an externally-controlled format string and data source name injection in the TiDB server. Specifically, the database name for generating and...

CVSS 9.8 · AI score 4.9 · EPSS 0.00562
Exploits 0 · References 8
CNNVD
added 2022/11/01 12:00 a.m. · 5 views

Devolutions Remote Desktop Manager security vulnerability

Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2022.3.7 and prior versions, which can be exploited by an attacker to gain unauthorized...

CVSS 7.5 · AI score 7.4 · EPSS 0.0053
Exploits 0 · References 2
Positive Technologies
added 2022/11/01 12:00 a.m. · 3 views

PT-2022-24077 · Unknown · Mysql Server +1

Name of the Vulnerable Software and Affected Versions: Remote Desktop Manager versions 2022.3.7 and prior. Description: The issue allows deleted users to access unauthorized data due to active database connections on MySQL data sources. Recommendations: For Remote Desktop Manager versions 2022.3.7...

CVSS 7.5 · AI score 7.4 · EPSS 0.0053
Exploits 0 · References 3
Veracode
added 2022/10/27 3:05 a.m. · 24 views

Remote Code Execution (RCE)

linkis-entrance is vulnerable to remote code execution. The vulnerability exists in the onProgressUpdate function of QueryPersistenceManager.java, allowing an attacker to inject and execute malicious query parameters when an attacker has write access to the database and configures a JDBC EC with ...

CVSS 8.8 · AI score 8.9 · EPSS 0.01747
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2022/10/26 7:00 p.m. · 25 views

Apache Linkis subject to Remote Code Execution via deserialization

In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

CVSS 8.8 · AI score 8.7 · EPSS 0.01747
Exploits 0 · References 3 · Affected Software 1
NVD
added 2022/10/26 4:15 p.m. · 22 views

CVE-2022-39944

In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

CVSS 8.8 · EPSS 0.01747
Exploits 0 · References 1
Vulnrichment
added 2022/10/25 12:00 a.m. · 7 views

CVE-2022-39312 Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability

Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In...

CVSS 9.8 · AI score 9.8 · EPSS 0.01473
Exploits 1 · References 4
Circl
added 2022/10/14 10:29 p.m. · 5 views

CVE-2022-38671

| creationtimestamp | type | source |
|---|---|---|
| 2022-10-14 22:29:22+00:00 | seen | https://t.me/cibsecurity/51498... |

CVSS 5.5 · AI score 5.5 · EPSS 0.00084
Exploits 0 · References 1
RedhatCVE
added 2022/10/14 5:59 a.m. · 60 views

CVE-2022-39201

A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability...

CVSS 6.8 · AI score 4.6 · EPSS 0.01228
Exploits 0 · References 3
RedhatCVE
added 2022/10/14 5:59 a.m. · 95 views

CVE-2022-31130

A flaw was found in Grafana's use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user's authentication token, which could be used by an attacker...

CVSS 7.5 · AI score 2.7 · EPSS 0.00964
Exploits 0 · References 3
AlpineLinux
added 2022/10/13 11:15 p.m. · 46 views

CVE-2022-39201

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...

CVSS 7.5 · AI score 3.1 · EPSS 0.01228
Exploits 0
OSV
added 2022/10/13 11:15 p.m. · 1 view

UBUNTU-CVE-2022-39201

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...

CVSS 7.5 · AI score 7.2 · EPSS 0.01228
Exploits 0 · References 6
Cvelist
added 2022/10/13 12:00 a.m. · 21 views

CVE-2022-31130 Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

CVSS 4.9 · AI score 7.8 · EPSS 0.00964
Exploits 0 · References 4
CVE
added 2022/10/13 12:00 a.m. · 446 views

CVE-2022-39201

Grafana CVE-2022-39201 affects Grafana before patches in 8.5.14 and 9.1.8. The issue allows a destination plugin to receive a user's Grafana authentication cookie via data source and plugin proxy endpoints under certain conditions, enabling cookie leakage. Patched in Grafana 8.5.14 and 9.1.8; oth...

CVSS 7.5 · AI score 7 · EPSS 0.01228
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2022/10/13 12:00 a.m. · 20 views

CVE-2022-39201 Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...

CVSS 6.8 · AI score 7.8 · EPSS 0.01228
Exploits 0 · References 4
Grafana
added 2022/10/12 12:00 a.m. · 7 views

Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

CVSS 7.5 · AI score 7.2 · EPSS 0.00964
Exploits 0